[X2Go-User] PostgreSQL backend and broker issues

Mon Nov 11 11:05:10 CET 2013

hi Michael,

thanks for testing X2Go...

On  Sa 09 Nov 2013 17:20:37 CET, Michael Gale wrote:

> Hello,
>
>     I am currently trying to get a multinode installation up and running, I
> am looking at supporting over 300 end users.
>
> On the servers I have:
> x2goagent: 3.5.0.21
> x2goserver: 4.0.1.6
> x2goserver-extensions: 4.0.1.6
> x2goserver-xsession: 4.0.1.6
>
> On the broker I have:
> x2goagent: 3.5.0.21
> x2goserver: 4.0.1.6
> x2goserver-extensions: 4.0.1.6
> plus the broker package
>
>
> Some weird things I can't resolve or figure out from the documentation.
> 1. On ServerB I can run 'x2golistsessions --all-servers' as a logged
> regular user however it fails on ServerA. Can't figure out why.

The servers need to have identical home directories. The X2Go  
PostgreSQL database backend uses db passwords stored in ~/.x2go/sqlpass.

If you have separate homes folders for the servers, then you have to  
make sure ~/.x2go/sqlpass is available for each user in all $HOMEs.

> 2. On ServerA I could run '/usr/lib/x2go/x2gobroker-agent ubuntu
> listsession' until I ran '/usr/sbin/x2godbadmin --adduser ubuntu' on
> ServerB, than ServerA broke.

This makes sense. It really sounds like you do not have NFS'ed homes.

> So I think I know what is happening but can you confirm:
> 1. NFS is required for the sharing of /home/* because of configs that are
> stored under /home/<user>/.x2go/ for example the sqlpass file.
> 2. I need to run "/usr/sbin/x2godbadmin --adduser <username>" for every
> users that will login with an x2goclient? Is there a way to automatically
> run this?

Some people do that via CRON job. Some people do that via tweaking  
sshd_config and they capture every SSH command starting with x2go* and  
run x2godbadmin then.

> 3. It looks like the broker is attempting to deploy SSH keys??
> --snip--
> 2013-11-09 16:10:39,837 - broker - DEBUG - Executing agent command on
> remote host (x2go-server): sh -c "/usr/lib/x2go/x2gobroker-agent ubuntu
> addauthkey 'no-X11-forwarding,no-pty,no-user-rc ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQDWXTLaWn6lX+tQMkCrDkU7B+LnOYlmHxftCKamZWHH9ZQLODj+A9Lq9gq6bcBJCT3pQdbj2fr3HCiPiDAw5/vO2bs3ixhSy3nCevoJbRcz8bx1JiRQgAalb8yL9DeztsXnCqHb2Et3c3F78N8CFC0RuxoKtjEzrvB8DhgpE5OQdQwqG7GYZ6z6dXstSY85DRTwYer5CVyT18Luv3q8Gew8mThcFJIGgAHwSKByqwyTPitPll138a2VwmN5Wqd8+WfYdixYxLk52sc8lBhR55URxmNaRUtnXO1DTmoVUe/908wO5BBRA1S9yWLmC4EVPg2CiYN5oNCCBKNtUNLR4KMV
> ubuntu at 192.168.1.3' '%h/.x2go/authorized_keys'"
> --snip--
>
> Where is this used? The x2goclient (QT version) is connecting to the broker
> over HTTPS and the x2goservers over SSH.

The broker agent indeed deploys SSH keys. X2Go Client can receive such  
key when in broker mode and then straight forwardly log into the X2Go  
server. This then means, that the HTTPS connection must be  
trustworthy, because it is authoritive.

> BTW this is an awesome set of products, I would be willing to update some
> of the documentation on the web site if you can give me an account to the
> wiki.

Please file a wishlist issue for that on X2Go BTS [1]. Doc updates are  
always welcome.

Mike

[1] http://wiki.x2go.org/doku.php/wiki:start#x2go_wiki_signing_up

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 7251 bytes
Desc: ?ffentlicher PGP-Schl?ssel
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20131111/2ef15af7/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20131111/2ef15af7/attachment.pgp>